
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 223 1 3-1450 
www.uspio.gov 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



09/878,230 



30594 



06/12/2001 



Kenneth C. Budka 



7590 



01/12/2005 



harness, dickey & PIERCE, p.l.c. 

P.O. BOX 8910 
RESTON, VA 20195 



2925-055 IP 



2080 



EXAMINER 



PICH, PONNOREAY 



ART UNIT 



PAPER NUMBER 



2135 

DATE MAILED: 01/12/2005 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary 


Application No. 

09/878,230 


Applicant(s) 

BUDKA ET AL 


Examiner 

Ponnoreay Pich 


Art Unit 

2135 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address « 
Peri df r Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 
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Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )M Responsive to communication(s) filed on 12 June 2001 . 
2a)D This action is FINAL. 2b)K This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-18 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-18 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) E] The specification is objected to by the Examiner. 

10® The drawing(s) filed on 12 June 2001 is/are: a)D accepted or b)E3 objected to by the Examiner. 
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 
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application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 

Claims 1-18 have been examined and are pending. 

Drawings 

The drawings are objected to because as it is drawn currently, in step S20, even 
if a ZAP command is sent, it looks like step S14 will be executed no matter what. It is 
unclear from the applicant's specification whether this should occur or not. Corrected 
drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office 
action to avoid abandonment of the application. Any amended replacement drawing 
sheet should include all of the figures appearing on the immediate prior version of the 
sheet, even if only one figure is being amended. The figure or figure number of an 
amended drawing should not be labeled as "amended." If a drawing figure is to be 
canceled, the appropriate figure must be removed from the replacement sheet, and 
where necessary, the remaining figures must be renumbered and appropriate changes 
made to the brief description of the several views of the drawings for consistency. 
Additional replacement sheets may be necessary to show the renumbering of the 
remaining figures. The replacement sheet(s) should be labeled "Replacement Sheet" in 
the page header (as per 37 CFR 1 .84(c)) so as not to obstruct any portion of the 
drawing figures. If the changes are not accepted by the examiner, the applicant will be 
notified and informed of any required corrective action in the next Office action. The 
objection to the drawings will not be held in abeyance. 

Specification 

The disclosure is objected to because of the following informalities: 
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1 . On page 1 , line 29 the applicant states that "wireless data router 12". 
This should instead be "wireless data router 14" to be consistent with the 
applicant's drawings. 

2. On page 2, line 1 1 , the applicant discloses a "mobile system." It is 
unclear to the examiner if the applicant means for this to be the same 
thing as the "mobile station" of Fig. 1 . The examiner assumes that to be 
the case. 

3. On page 2, line 19, the applicant discloses the "wireless data network 
14". This should instead say "wireless data router 14" so as to be 
consistent with the applicant's drawing and earlier use of the term. 

4. On page 6, second paragraph, the applicant explains Fig. 3 as it relates 
to how step S14 can be reached. It is not clear to the examiner from 
reading the paragraph and looking at Fig. 3 if the applicant meant for 
step S14 to be reached from step S20 even if a ZAP command is sent. It 
makes no sense to the examiner why registration should continue as the 

. rogue mobile station has just been told to stop registration attempts. 
However, the examiner will assume in the course of examining this case 
that the applicant meant for step S14 to be reached even if a ZAP 
command was sent. 

5. On page 7, lines 1-4. The sentence, which begins: "More than 
registration failure threshold registration failures during a period of time . . 
. " makes no sense at all to the examiner. 
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Appropriate correction is required. 

Claim Rejections - 35 USC § 112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 2-17 are rejected under 35 U.S.C. 112, second paragraph, as being 

indefinite for failing to particularly point out and distinctly claim the subject matter which 

applicant regards as the invention. 

1 . Claim 2 recites the limitation "The method of claim 2" in line 1 . There is 
insufficient antecedent basis for this limitation in the claim. The examiner 
interprets this as broadly as reasonable and assumes the applicant meant to 
say "The method of claim 1 

2. Claim 4 recites the limitation "The method of claim 4" in line 1. There is 
insufficient antecedent basis for this limitation in the claim. The examiner 
interprets this as broadly as reasonable and assumes the applicant meant to 
say "The method of claim 1". 

3. Claim 4 recites the limitation "the registration process" in lines 2 and 3. There 
is insufficient antecedent basis for this limitation in the claim. 

4. Claim 7 recites the limitation "the sending step" in line 3. There is insufficient 
antecedent basis for this limitation in the claim. 

5. Claim 9 recites the limitation "the continuing step" in line 1. There is 
insufficient antecedent basis for this limitation in the claim. 
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6. Claim 12 recites the limitation "the registration process' 1 in lines 2 and 3. 
There is insufficient antecedent basis for this limitation in the claim. 

7. Claim 13 recites the limitation "the incremented failure count" in lines 3 and 4 
and the limitation "the predetermined threshold" in line 4. There is insufficient 
antecedent basis for these limitations in the claim. 

8. Claim 14 recites the limitation "the sending step" in line 3. There is 
insufficient antecedent basis for this limitation in the claim. 

9. Claim 16 recites the limitation "the processing step" in line 1. There is 
insufficient antecedent basis for this limitation in the claim. 

10. Any claim not specifically address were rejected by virtue of dependency. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-4, 8-10, 12, and 15-17 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over He et al (U.S. 6,088,451) in view of Asokan et al (U.S. 

2001/0017856). 

1 . Claim 1 : He et al disclose a method for protecting use of resources in a 
network comprising, processing a request for network resource based on a 
failure count accessed using the identifier for the user equipment, the failure 
count indicating a number of times the user equipment has been denied 
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registration (col 17, line 13-17 and col 26, lines 40-52). He et al does not 
explicitly disclose receiving a communication address request for a temporary 
communication address from user equipment, the communication address 
request including an identifier of the user equipment. However, a request by 
user equipment for a communication address has been known to one of 
ordinary skill in the art at the time of the applicant's invention. It is also known 
by one of ordinary skill that the request can include the user equipment's 
identifier, which is used for authenticating whether or not the user equipment 
has rights to access a network resource. Further, requests of such nature are 
also explicitly disclosed by Asokan et al (p1, paragraph 0009 and p9, claim 
1 1). A communication address is itself a network resource. One of ordinary 
skill would be motivated, when receiving any sort of request for use of 
resources in a network, to not only require an equipment identifier be sent 
with the request, but to also process the request based on a failure count 
using the identifier as this would prevent a brute force authentication attack 
on the network by the user equipment. The examiner has interpreted 
authentication attempts to be the same thing as registration attempts. 
2. Claim 2: He et al disclose the method of claim 1 , wherein the processing step 
comprises: 

a. Accessing the failure count for the user equipment based on the identifier 
(col 17, line 13-17 and col 26, lines 40-52). 
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b. Ignoring the communication address request if the failure count exceeds a 
predetermined threshold (col 17, line 13-17 and col 26, lines 40-52). 
The examiner has interpreted an identifier as any sort of user id, 
password, serial number, network account, or MAC address associated with 
the user equipment which uniquely identifies the user equipment. 

3. Claim 3: He et al disclose the method of claim 2, wherein the processing step 
comprises continuing with a registration process if the failure count does not 
exceed a predetermined threshold (col 17, line 13-17 and col 26, lines 40-52). 

4. Claim 4: He et al disclose the method of claim 1 , further comprising 
incrementing the failure count for the user equipment if during a registration 
process the user equipment is not authenticated (col 17, line 13-17 and col 
26, lines 40-52). It is inherent that since He et al discloses the number of 
failures can reach a certain predetermined threshold that the failure count 
must increase when the user equipment fails to authenticate properly. 

5. Claim 9 and 16: He et al disclose the method of claim 3 and claim 1 
respectively, wherein a processing step continues a registration process if a 
failure count does not exist for the user equipment (col 26, lines 40-52). He et 
al disclosed that it is possible for the user equipment to not be found in a 
registration database, which means there would also be no failure count for 
that user equipment. 

6. Claims 10 and 17: He et al disclose the method of claim 9 and claim 16 
respectively, further comprising: 



Application/Control Number: 09/878,230 Page 8 

Art Unit: 2135 

a. Incrementing the failure count for the user equipment if a failure count was 
accessed and if during the registration process the user equipment is not 
authenticated (col 26, lines 40-52). 

b. Initializing a failure count for the user equipment to an initial value if a 
failure count does not exist for the user equipment and if during the 
registration process the user equipment is not authenticated (col 26, lines 
40-52). 

7. Claim 12: He et al disclose the method of claim 1 , further comprising 
incrementing the failure count for the user equipment if during a registration 
process the user equipment is not authenticated (col 26, lines 40-52). 

8. Claims 8 and 15: He et al disclose the method of claim 4 and claim 12 
respectively, further comprising decrementing the failure count after a 
predetermined period of time (col 17, lines 13-17). The examiner has 
interpreted the time for an examination of the account to be complete to be a 
predetermined period of time. In this case, it is inherent that since He et al 
disclose the account being only temporarily disabled that the failure count 
must be decremented at some point in time. Further, the examiner would like 
to note that one of ordinary skill in the art at the time of the applicants 
invention would most likely recognize the advantage of automatically 
decrementing the failure count after a certain predetermined time period as 
this would allow a legitimate user of the account to be able to log on without 
an administrator's intervention after their account is temporarily disabled 
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either by them or someone else. For a large enough user or equipment base 
in a network, if the administrator had to get involved with every single 
investigation before valid accounts are re-enabled, it could turn into a very 
time consuming task for the administrator. 
Claim 1 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over He et al 

(U.S. 6,088,451) in view of Asokan et al (U.S. 2001/0017856) and Holmes et al (U.S. 

6,230,009). 

1 . Claim 11: He et al do not disclose a method claim 1 0, wherein the user 
equipment is a mobile station in one of a data network and a wireless voice 
network. However, Holmes et al disclose a communication network 
consisting of a mobile station in a data and wireless voice network (col 1, 
lines 23-26). One of ordinary skill in the art would be motivated to implement 
a security feature in the communication network disclosed by Holmes et al 
which keeps track of a registration failure count of a user equipment as this 
would make the network more secure and protect resources in the network. 
Claims 5, 7 and 13-14 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over He et al (U.S. 6,088,451) in view of Asokan et al (U.S. 

2001/0017856) and Nawrocki (U.S. 6,256,116). 

1. Claims 5 and 13: He et al do not disclose the method of claim 4 and claim 12 
respectively, further comprising sending a message to the user equipment 
instructing the user equipment not to attempt registration for a predetermined 
period of time if the incremented failure count equals or exceeds the 
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predetermined threshold. However, sending a message to a user instructing 
him/her to stop trying to authenticate/register for a predetermined amount of 
time after a predetermined failure-to-authenticate count has been reached is 
known to one of ordinary skill in the art at the time of the applicant's invention. 
Further, Nawrocki discloses a request-to-stop transmission attempts being 
sent by a facsimile-blocking device to a facsimile machine (col 1 , lines, 35- 
44). One of ordinary skill would recognize that it would be advantageous to 
send a request-to-stop transmission for a predetermined amount of time 
message to the user equipment whose registration attempts has reached or 
exceeded a predetermined failure threshold as it would save network 
resources if the user equipment followed the message's instruction. The 
examiner has interpreted any authentication or registration attempts by the 
user equipment as a type of transmission by the user equipment. 
2. Claims 7 and 14: He et al do not disclose a method of claim 5 and claim 13 
respectively, further comprising decrementing the failure count after a 
predetermined period of time has elapsed from a sending step. However, He 
et al disclose decrementing the failure count after a predetermined period of 
time (col 17, lines 13-17). It would make sense to start the count down of 
when to decrement the failure count from the point in which the message was 
sent as this would most likely coincide with the time when the failure threshold 
was reached. The examiner would like to note that there is no way to 
guarantee that the user equipment will follow the instruction to not try to 
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register again for a certain time period as the user equipment could be 
outside the control of the network with which it is trying to register. 
Claims 6 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

He et al (U.S. 6,088,451) in view of Asokan et al (U.S. 2001/0017856), Holmes et al 

(U.S. 6,230,009), and Nawrocki (U.S. 6,256,1 16). 

1. Claims 6 and 18: He et al do not disclose a method of claim 5 and claim 1 
respectively wherein the user equipment is a mobile station in one of a data 
network and a wireless voice network. However, Holmes et al disclose a 
communication network consisting of a mobile station in a data and wireless 
voice network (col 1 , lines 23-26). One of ordinary skill in the art would be 
motivated to implement a security feature in the communication network 
disclosed by Holmes et al which keeps track of a registration failure count of a 
user equipment as this would make the network more secure and protect 
resources in the network. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

1. Tabuki (U.S. 5,706,427) discloses a network authentication method. 

2. Kaashoek et al (U.S. 2002/0035683) discloses an architecture to thwart a 
denial of service attack. 

3. Boyd et al (U.S. 6,317,787) discloses a system and method for analyzing web 
traffic data. 
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4. Bernhard et al (U.S. 6,275,942) discloses a system for automatic response to 
an intrusion detected on a network. 

5. Reiche (U.S. 6,092,196) discloses a distributed remote user authentication 
system. 

6. Green et al (U.S. 6,003,084) discloses a network proxy. 

7. Stockwell et al (U.S. 5,950,195) discloses a system and method for regulating 
network traffic through a firewall. 

8. Coleman (U.S. 5,717,756) discloses a method for preventing unauthorized 
access to a network using session keys. 

9. Feuerstein et al (U.S. 2002/0083341) discloses a security component for a 
computing device to analyze a request for resource to determine if the 
request poses a risk to the resource and/or to the network. 

1 0. DeLude (U.S. 6,223,985) discloses the use of a failure counter and timer for 
authentication. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ponnoreay Pich whose telephone number is 571-272- 
7962. The examiner can normally be reached on 8:00am-4:30pm Mon-Fri. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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